ID

VAR-201303-0326


CVE

CVE-2013-2560


TITLE

Foscam Directory traversal vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-001913

DESCRIPTION

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. Any file may be read via a URI that includes .. (dot dot). Foscam is a webcam video recording device. Foscam has a path traversal vulnerability where an unauthenticated attacker can access the entire file system and steal network and WiFi credentials. Foscam is prone to a directory-traversal vulnerability. This may aid in further attacks. Foscam is a leading professional high-tech company providing IP video products and solutions.

Trust: 2.52

sources: NVD: CVE-2013-2560 // JVNDB: JVNDB-2013-001913 // CNVD: CNVD-2013-01448 // BID: 58290 // VULHUB: VHN-62562

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01448

AFFECTED PRODUCTS

vendor: foscam, model: fi8919w, scope: lte, version: firmware_11.37.2.47

Trust: 1.0

vendor: foscam, model: fi8919w, scope: lt, version: firmware 11.37.2.49

Trust: 0.8

vendor: foscam, model: foscam, scope: lte, version: <=11.37.2.48

Trust: 0.6

vendor: foscam, model: fi8919w, scope: eq, version: firmware_11.37.2.47

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // NVD: CVE-2013-2560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2560
value: HIGH

Trust: 1.0

NVD: CVE-2013-2560
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201303-334
value: HIGH

Trust: 0.6

VULHUB: VHN-62562
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2560
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62562
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // NVD: CVE-2013-2560

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // NVD: CVE-2013-2560

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075

TYPE

path traversal

Trust: 1.2

sources: CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001913

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62562

PATCH

title: Top Page, url: http://foscam.us/

Trust: 0.8

title: Foscam path traversal vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/32615

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // JVNDB: JVNDB-2013-001913

EXTERNAL IDS

db: NVD, id: CVE-2013-2560

Trust: 2.8

db: BID, id: 58290

Trust: 1.0

db: JVNDB, id: JVNDB-2013-001913

Trust: 0.8

db: PACKETSTORM, id: 120624

Trust: 0.7

db: CNNVD, id: CNNVD-201303-334

Trust: 0.7

db: CNVD, id: CNVD-2013-01448

Trust: 0.6

db: BUGTRAQ, id: 20130313 RE: [CVE-REQUEST] FOSCAM <= 11.37.2.48 PATH TRAVERSAL VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-201303-075

Trust: 0.6

db: EXPLOIT-DB, id: 38356

Trust: 0.1

db: VULHUB, id: VHN-62562

Trust: 0.1

sources: CNVD: CNVD-2013-01448 // VULHUB: VHN-62562 // BID: 58290 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075 // NVD: CVE-2013-2560

REFERENCES

url: http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2560

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2560

Trust: 0.8

url: http://packetstormsecurity.com/files/120624/foscam-firmware-11.37.2.48-path-traversal.html

Trust: 0.6

url: http://www.securityfocus.com/bid/58290

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075 // NVD: CVE-2013-2560

CREDITS

Frederic Basse

Trust: 0.9

sources: BID: 58290 // CNNVD: CNNVD-201303-075

SOURCES

db: CNVD, id: CNVD-2013-01448
db: VULHUB, id: VHN-62562
db: BID, id: 58290
db: JVNDB, id: JVNDB-2013-001913
db: CNNVD, id: CNNVD-201303-334
db: CNNVD, id: CNNVD-201303-075
db: NVD, id: CVE-2013-2560

LAST UPDATE DATE

2024-08-14T15:14:05.203000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-01448, date: 2013-05-20T00:00:00
db: VULHUB, id: VHN-62562, date: 2013-03-20T00:00:00
db: BID, id: 58290, date: 2013-10-16T01:04:00
db: JVNDB, id: JVNDB-2013-001913, date: 2013-03-21T00:00:00
db: CNNVD, id: CNNVD-201303-334, date: 2013-03-18T00:00:00
db: CNNVD, id: CNNVD-201303-075, date: 2013-03-07T00:00:00
db: NVD, id: CVE-2013-2560, date: 2013-03-20T04:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-01448, date: 2013-03-06T00:00:00
db: VULHUB, id: VHN-62562, date: 2013-03-15T00:00:00
db: BID, id: 58290, date: 2013-03-01T00:00:00
db: JVNDB, id: JVNDB-2013-001913, date: 2013-03-21T00:00:00
db: CNNVD, id: CNNVD-201303-334, date: 2013-03-18T00:00:00
db: CNNVD, id: CNNVD-201303-075, date: 2013-03-06T00:00:00
db: NVD, id: CVE-2013-2560, date: 2013-03-15T20:55:11.413